Scam of the Week – Meltdown and Spectre

January 5, 2018 4:34 pm Paul Mullin

Another year, another major security incident comes to light. The first of this year’s Scam of the Week series looks at Meltdown and Spectre, which are being called the ‘worst ever’ CPU bugs affecting virtually all computers.

This CPU bug can be found in everything from smartphones to PCs to cloud computing devices. Even Apple, often touted for their safety features have announced that the Meltdown and Spectre flaws affect all Mac and iOS devices.

What are Meltdown and Spectre?

Meltdown is a security flaw that can enable hackers to bypass the hardware barrier between apps run by the user and the computer’s core memory.

Spectre, on the other hand, allows hackers to trick otherwise error free apps into giving up secret information.

How bad is it?

Although the year has only started, this will undoubtedly be one of the major tech security issues of 2018. Meltdown in particular is a serious problem in the short term that must be addressed ASAP. The Meltdown conundrum is a problem in that anything that runs an application can, in theory, steal your data. This even incudes simple things such as javascript viewed in a browser.

Meanwhile, Spectre will likely be utilised by more seasoned hackers as its harder to take advantage of. If a hacker utilises it to its full potential it is much harder to fix and commentators say it will be a much bigger problem in the long term.

In terms of the sensitive information that can be mined with these flaws, this includes anything stored in the devices affected memory. This means banking records, credit cards, financial data, logins, passwords and sensitive communications amongst others.

Can it be fixed?

You should update your computers with the latest security fixes as soon as possible. There are fixes for Linux and Windows already available.

Some devices are already protected such as Chromebooks that have been updated to Google’s Chrome OS63, Nexus and Pixel smartphones.

Users of other devices, such as Samsung and OnePlus, will need to wait for updates to be pushed out by their third-party manufacturers.

Apple released a statement last night in regard to their own devices to say: ““Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the app store.”

Will this be an even more notable year for cyber security threats than last year? Is this just the tip of the iceberg, let us know how you see this year panning out in terms of cyber security.